Hi,
We currently have our remote access users set up so they must go to certificate services and download a user SSL certificate (which I control access to via IIS).
I have then set up RRAS/IAS to only allow SSL certificated users to connect to the work server via VPN.
However, our support company says this is an obscure and non-standard way of setting up VPN.
Yet when they messed with it, they tried to set it up so it allowed username / password to connect and not SSL (doesn't this send credentials in plain text?).
Surely their way is much more insecure, plus the data transfer wouldn't be encrypted.
They now have suggested we should get a VPN box for VPN users.
Why are they suggesting this? What's wrong with using the server's RRAS & ISA with SSL encryption / security?
What does a VPN box do? How is it better or 'the normal way' of doing things?
Why on earth do they think the way I have it configured is obscure and non-standard?
I'm a little confused over this, so your advice is appreciated.
Thanks,
1DMF.
"In complete darkness we are all the same, only our knowledge and wisdom separates us, don't let your eyes deceive you."
"If a shortcut was meant to be easy, it wouldn't be a shortcut, it would be the way!"
Google Rank Extractor -> Perl beta with FusionCharts